Encrypted Virtual File System (EVFS): Building a encrypted Linux filesystem from an ordinary linux file

First let me explain you, What are the advantages of EVFS:
1. You can take a disk file, format it as an vfat, ext3 filesystem, and then mount it, just like a physical drive. This is an excellent way to investigate different filesystems without hassle of reformatting a physical drive.

2. It protects unauthorized access to the information.

3. It is a single file which will acts as encrypted virtual disk, that will store files, directories inside it.

4. The big advantage is, it is Portable. The file we create here will open as encrypted virtual disk in windows, Linux, etc.

LUKS is a standard for hard disk encryption. Most disk encryption software implements different and incompatible formats, LUKS specifies a platform-independent standard on disk format for use in various tools on different operating systems such as Windows, Linux, etc

In this article, I will explain how to create encrypted virtual disk, how to use it on Linux and how to use it on windows.

A. How to create Encrypted Virtual Disk

Step1: Create a file with desired size. (The size you will specify here will be the size of your virtual disk.)

dd if=/dev/urandom of=disk.img bs=1M count=10

I used urandom to fill the file with random values. You can use if=/dev/zero instead of if=/dev/urandom to fill the file with zeros. Bydefault dd uses 512bytes as a size parameter. We define custom size using bs argument, as show in example (in blue colour). The bs argument accepts common suffixes (k, M, G) for large numbers. bs specifies the number of bytes read into memory with single read() system call and written out with s single write() system call. I created 10MB file in this example. (size = bs * count). You can tune the bs and count parameters according to your need.

Step 3: Now we have a partition of 10MB. In this step we will encrypt that partition.

sudo cryptsetup luksFormat -c aes -s 256 /dev/loop0

-c parameter is used to specify cipher. I used AES (Advanced Encryption Standard) in this example.-s parameter is used to specify keysize for cipher in bits. It must be multiple of 8 bits. In this example I used 256 bit cipher key.

(Note: You can tune above parameters according to ur need)

(Note: This will ask you for confirmation before proceeding, you have to type YES in uppercase, if you want to continue. Then it will ask you for password for EVFS. This password you have to use whenever you want to access EVFS).

Step4: Now tell Linux to treat the encrypted partition as a Disk Device.

sudo cryptsetup luksOpen /dev/loop0 krp

krp is the name of disk device. you can use any name there.

Step5: Now Format the file system on ths disk

sudo mkfs -t vfat /dev/mapper/krp

Step6: Done. Cleanup the system now.

sudo cryptsetup luksClose krp sudo losetup -d /dev/loop0

Now we have a single file as a encrypted virtual file system. In that file we can store any data which we want to hide from others. And as it is a single file you can move it from one machine to another machine without hassle of reformatting and installation of OS.

B. How to use Encrypted Virtual File System on Linux

Step 1: Tell Linux to treat this file as a disk device

sudo losetup /dev/loop0 disk.img

Step2: Tell Linux to treat the encrypted partition as a disk device

sudo cryptsetup luksOpen /dev/loop0 kailas

Step3: Mount the disk

sudo mount /dev/mapper/kailas /mnt

Now you can access the files in directory /mnt
You can create new files there or copy files there. Those files will be stored in your encrypted Virtual FileSystem.